The government has refused to investigate BT's covert wiretapping of thousands of its customers in 2006 and 2007, despite its own expert's view that without consent Phorm's advertising targeting technology is a breach of criminal law.
Whitehall's willingness to turn a blind eye to the fact that tens of thousands of people were …

Sad but true!

I'm voting Liberal

I have always up to now supported the Labour party. I now think that the Liberals are a more trusted party since they seem to have the only proactive MPs on this very important matter. Labour's ineffectiveness in this matter loses them my vote. Confusion reigns supreme, Gordon Brown. Get a grip and show that nobody is above the law!

err..

> "I'm absolutely sickened and appalled," Pete John, who has tried to interest authorities, told The Register this week.

Get a grip, I told Pete John this week. With all that goes on in the world, if that's the kind of thing that sickens and appalls you then I'm surprised you have the wherewithal to get out of bed in the morning.

Sounds like our politicians can get on with doing something useful...

The Tribunal's remit excludes it from acting. "ICO say the Home Office. The Police say the Home Office. The Home Office say they have no investigative role".

If the politicians are serious (but, hey, we know they aren't) they'd investigate in a Parliamentary committee and then NTBs into the future. Other than prison and punitive damages there is little that can be done about the past now but the bleeders need to be stopped from taking the mick in future.

Can BT, Phorm and the rest be nailed under trading standards legislation?

@This just gets worse

Cop Out or corruption?

Can we start taking bets on how long it is before certain key people in government departments that seem to be muddying the waters on purpose jump ship and join Phorm?

That bloody "Consent" thing keeps coming up.

I run websites - I DO NOT give consent for phorm (and BT, Talk Talk or Virgin) permission to intercept my traffic.

Maybe if a lot of website owners blacklisted the entire BT, Talk Talk and Virgin IP address ranges so they get a message that says something like "Your ISP is a leeching parasitic scum merchant who would sell his granny for a snort of Cocaine" they might get the message?

Actually even better - a redirect so that they get a page full of the nasty truth about Phorm and then topped up with choice keywords would be good (it would certainly screw up the Phorm profilers.) before they get to the actual website.

No more writing letters.

Anyone willing to put their name on the line and march on Parliament? Peaceful protest my left ass cheek; Through the doors and into the PM's private chambers, so he knows just HOW pissed off the informed public are.

Me too :(

I have an extremely dismissive letter from Tony McNulty which more or less says "It's not my problem. It's the ISPs' responsibility to make sure they don't breach RIPA"

I'm drafting a suitably worded reply, but it's taking a while, since I'm having difficulty framing a sentence without using the phrase "greasy shiteweasel".

As of today, sadly, the position seems to be that public bodies can breach RIPA, in which case they'll be investigated, but this will never come about since everything they do that's covered by RIPA will have been rubberstamped (see Reg passim), that individuals can breach RIPA, in which case inspector knacker will stuff them in chokey for five years, and that corporations can breach RIPA and no one will give a flying fuck.

Fortunately, I can't see this position lasting long, there's too much for the opposition parties and the tabloids to get their teeth into. I mean come on, NuLabour allows big corps to trample over "terrorism"* legislation is a big stick with which to beat an already embattled Prime Minister.

So, on with the fight. The failtrain is still en route, it's just delayed by red tape on the line.

*I know, it actually has very little to do with terrorism, but no one tell the Daily Mail that just yet, eh ?

A new RFC is needed ...

Putting an MD5 hash for every page a server creates in the HTTP header. Clients could perform a matching hash, and if they don't match refuse to display the page. I'm sure Amazon and eBay would be thrilled to know customers were unable to view their pages because of phorm injected crap .....

This is great news, they've just made themselves liable.

Anyone who has had any kind of response from the Home Office, hang on to it. Could come in handy as evidence. Now the Home Office are involved, they have brought the matter within the scope of a Judicial Review. Fatal error. We've just seen how Judicial Reviews feel about the government illegally granting impunity to private corporations in the matter of SFO vs BAE - and they do not like it.

Toe the line

I wrote to my MP (Celia Barlow (Lab)) a few weeks ago to ask for her support against this technology. Her reply is below:

"Phorm Programs, Open Internet Exchange (OIX) and Webwise are designed solely for advertising, and increased privacy settings. Phorm's ad serving technology uses anonymised data, and does not store any personally identifiable information or IP addresses. The use of OIX and Webwise is voluntary, and as a mother of 3 children, I too am concerned about privacy and monitoring their internet use.

I have passed on your concerns to Michael Wills, Minister of State for the Ministry of Justice. I hope the Minister will be able to provide you with further information. I will write again once I have received a reply."

According to theyworkforyou.com my MP toes the party line on all issues. So I would assume that the above text is consistent with Government feeling. It's nice to see that a new, and additional, method of intercepting private communication can increase privacy. I would have thought that was logically impossible but maybe that is why I am not a leader of people.

I'll leave it to florence to post her views on this matter, as I'm sure she will be reading this latest news revelation.....as there's a link posted as always to your in-depth coverage..

shame the other news outlets don't get their purpose is to inform and investigate, not re-post pre-made PR stories to get the front page counts up....

it seems though, Simon Watkin is on our side, and has been taken out of context by the ISPs, Kurt and the many Phorm/webwise PR teams to make their pimping users copyrighted datastreams for profit projects as profitable as possible.

shame their piracy of user datastreaming pyramid scam is falling through the floor looking at the latest market share prices ;)

to reiterate, Simon Watkin makes it crystal clear:

"Simon Watkin HO:it wasn't, and didn't purport to be, based upon a detailed technical examination of any particular technology. "

"Simon Watkin HO:As much as we were saying was, that in relation to RIPA, we considered it **may** be possible for such services to be offered lawfully - but it all depends on how they are offered and how they work."

"Simon Watkin HO:It's not a ruling. It's not advice. It's not a legal opinion. It's a view and - repeating myself - all it says is it **may** be possible for such

Don't know why we're surprised...

This government knows nothing about data protection or protecting privacy. I'm one of 25 million people who had their personal details lost by the government, and have had one letter to say it happened (like we didn't know this already!). No apology, no compensation. And let's not forget about the other recent losses - all taken place without any basic security being applied to the data.

Of course, I may be being totally cynical, but I'm sure ex-ministers sitting on BT's board won't have ANY bearing on the government's (in)decision to act...

Pass the parcel

It's good to see that The Register is still on the case and it's good to see lib-dem MP Don Foster is staying closely in touch with all that is going on. This ridiculous (deliberately obstructive?) game of pass the parcel between the ICO, Home Office, Police etc needs to stop. Potentially thousands of criminal offences have been committed in the secret trials of 2006 and 2007 and it's time the Home Office did its job and moved to uphold the laws of the land.

If they won't do so then maybe they can be so bold as to point us to a single parliamentary act that they passed giving either BT or Phorm immunity from prosecution? If they can't then they should damn well do what they are paid to do and instruct the police to launch a criminal investigation.

In the mean time here is a link to a new term I have added to urban dictionary "terra-phorming":

The last time we incubated anything

It would appear that, if BT, or anyone else passed your information to another company without your knowledge or agreement, then your argument is with BT for breach of contract.

So, why anyone with a choice in the matter still signs up for a BT service totally beats me. At the end of the day, you get what you deserve for not being more discerning in the first place.

And if Virgin tries this caper, as was proposed, then my internet connection will be terminated, and it's back to POTS for this end user and my business, until legislation is evident that will protect my business from industrial espionage.

Which is how I consider this little invasion of privacy by Phorm and BT.

Re: so What

Time to 'police' ourselves

For those who object to having their browsing intercepted - change ISP.

BT's broadband pages are full of how they protect customers from AdWare - not true. Is this enough to invalidate their contract with you? I would argue the case if I were with BT.

For webmasters - big warning messages for all BT IP addresses + any other addresses that are tied into profilers from anywhere in the world. I don't earn any income from USA visitors anyway so warn them all.

The Sun will never do anything - look who pays for its advertising space.

Not too sure who owns the local press - the reporters can't all be such fools (Weston-super-Mare excluded from this rant). Maybe they charge BT et al enough for advertising space to cover all the costs of weekly printing so dare not say anything that could risk that income.

Next week I will see what I can get into the school's weekly rag. Even a circulation of 500 is better than none.

The internet is more powerful than this - use it. Because some of us care and have not been blinded nor made dumb.

Re: Ash

Yeah, because protest marches worked for the anti-Iraq demonstrations and the anti-hunt-ban demonstrations, which I believe were the largest demonstrations in British history. Demonstrations do not work as an expression of opinion, only as a threat of violence, and British people, unlike, say, the French, aren't currently capable of the latter. This is because the government doesn't give two s---s about what you think, only about its survival.

The good news is that BT and Phorm are private companies (in the narrow sense, not the share ownership sense), so unlike Iraq, we do at least have something of a say in the matter. Change your ISP, and if you don't want your website's traffic intercepted, block access from ISPs that use them.

working link...

Release the hounds

For more detail see this site:

http://www.hmcourts-service.gov.uk/cms/1220.htm

Judicial review is the procedure by which you can seek to challenge the decision, action or failure to act of a public body such as a government department or a local authority or other body exercising a public law function. If you are challenging the decision of a court, the jurisdiction of judicial review extends only to decisions of inferior courts. It does not extend to decisions of the High Court or Court of Appeal. Judicial review must be used where you are seeking:

* a mandatory order (i.e. an order requiring the public body to do something and formerly known as an order of mandamus);

* a prohibiting order (i.e. an order preventing the public body from doing something and formerly known as an order of prohibition); or

* a quashing order (i.e. an order quashing the public body's decision and formerly known as an order of certiorari)

* a declaration

* HRA Damages

Claims will generally be heard by a single Judge sitting in open Court at the Royal Courts of Justice in London. They may be heard by a Divisional Court (a court of two judges) where the Court so directs.

A fee of £50.00 is payable when you lodge your application for permission to apply for Judicial Review. A further £180.00 is payable if you wish to pursue the claim after permission is granted (Civil Proceedings Fees Order 2004).

NB - If you are in receipt of certain types of benefits you may be entitled to exemption/remission of any fee due.

Corruption at BT?

http://www.theregister.co.uk/2008/04/03/bt_phorm_interview/ - Stratis Scleparis left his position as Chief Technology Officer at BT to join Phorm after the 2007 trial. Public defence of BT's position is then undertaken by Emma Sanderson of BT Retail.

It has since been alleged that the trials of 2007, which were kept secret from both BT customers and BT support staff, were performed without a contract having been entered into between BT and Phorm; that at the time Phorm was still 121Media; that the results of the trial were used to populate Phorm's database.

The allegations, if true, suggest that persons at BT failed in due diligence over the 2007 trial, which may have been run without the knowledge of the BT board, and specifically the then chief executive. That data which is the property of BT may have been illicitly transferred to Phorm. That persons at BT may have conspired to act illicitly. That they may have been corruptly induced to do so.

tabloid comments

I just hope if it does hit the tabloids it isn't represented in an untruthful manner, more lies about it will not help.

To those of you that say it's about whether you have something to hide, it's not! If you believe everyone should be open about everything tear down your curtains and give all your neighbours binoculars to watch your every move.

Legal Begal my Ar*e

So the government asks ISPs to help police the net, in exchange for ignoring them breaking the law with this new advertising scam, they all get rich and less P2P traffic on their networks 'cause they're busy grassing us all up for crimes that have no physical bearing on our society. Does Gordon Brown/Labour ever think of anything else but the economy?

£100 for Judicial Review?

@so what - anonymous coward

I know your post is flame bait, but once Phorm has invaded everything you surf, try explaining to your kids why they get adverts for viagra and hot milf hardcore gangbang on gamesmate because Phorm has skimmed these key words from your spam infested yahoo / hotmail account which you access once a week to clear down.

A variation of an old joke

It’s a variation of an old joke: Tap the Internet connection of one person and you’re a nosey relative; tap the Internet connection of ten people and you’re an illegal private investigator; tap the Internet connection of 38,000 people and you’re big business.

The government needs to get its act together, and fast. This harms customer confidence, which harms the economy. This harms the confidence of those outside the country looking to do business with us. If there is no way to bring BT to account, then every company across the country can, from today, start intercepting voice and data communications at will.

When the music stops, you're the one who has to deal with phorm...

What a surprise, this has been a whitewashing of concerns by every interested party. BT and phorm tell us this thing won't invade privacy, but give us conflicting reasons as to why not, at the FAQ session Simon Davies acknowledges that the big issue is legality, but then asks everyone not to talk about it, and now HMG (Who I've suspected always wanted this kind of access) won't take action on it.

It's the ISPs' responsibility to make sure they don't break RIPA? That may be, but it's sure as hell this government's responsibility to intervene when they do! This is farcical, if it had been a teenager downloading a few songs that the BPI had asked them to investigate then you can guarantee they would've been knocking down his bedroom door before you could say "hasty search warrant", but because it's the citizens (who MPs are supposed to represent) complaining against big business, nothing gets done! I guess we know who makes the bigger campaign contributions!

@JonB

Socialism (you know, the sort of stuff the Labour Party used to believe in) used to run on the basis of 'Do what we tell you and we'll see you're looked after'. Like that or not, it was consistent.

New Labour's version? 'Do what we tell you and we'll crap all over you anyway' .....

But of course, resources of law enforcement agencies cannot possibly be diverted from essential tasks like shooting random Brazilians and safeguarding us from the worldwide Islamist terrorist movement, can they?

Re:£100 for Judicial Review?

The only way to beat Phorm is with *organised* protests and legal action. All of the current 'pressure groups' are no more than rant shops.

What is needed is someone with PR skill and/or legal training to head up a *real* anti-Phorm organisation that we can support with real money. I would gladly stump up, say, £100 a month to fight this obscenity, and I'm sure many others would, too.

Once you have an organisation with real power (i.e. money) then you can really lay into Phorm. Legal action, full page newspaper ads, mailshots to Phormed ISP customers, intense lobbying of MPs.

Unfortunately I have no PR experience, little legal experience and absolutely no idea how to go about setting up such an organisation (would it be a charity?) Anyone care to step forward???

Judicial review - How to apply

As I have maintained all along...

(Tin foil hat on and special flamebait shirt done up!)

Most people use those bloody insidious supermarket loyalty cards, which in my opinion are the biggest excuse for a private company to gather personal information. TESCO, whom I believe have one of the largest customer spending habit databases in the country, but no one minds using the cards and getting their tiny little prize of a fiver off their shopping, at the end of the year do they? Before you start bleating about Phorm/BT, double check your wallet and make sure you're shredding your waste paper too!

Until Joe Public actually hears anything about this, this is simply going to be a big shouting match in a quiet little geek corner. Want to make a difference? Simply tell everyone you know who is on the internet in some form or other, that basically their credit info and personal details will be sold off to some ad agency in about 6 months time, unless they kick BT/VM/TT up the arse to demand Phorm be removed ASAP. Oh and ask people to stop using those nasty little loyalty cards while you're at it!

Oh Dear

"The tribunal has no jurisdiction to investigate complaints about private individuals or companies unless you believe they are acting on behalf of an intelligence agency, law enforcement body or other public authority covered by RIPA."

Do I read that right, Private individuals and companies are exempt from RIPA unless they are acting on behalf of a law enforcement agency?

well, that's all right then, I thought they were breaking the law when all the time it didn't apply to them.

I am moving house soon and going to change to one of the phorm free ISPs, once they go to phorm I'll move again until there are no more Phorm free ISPs.

Make no mistake this is going to go ahead, too much at stake for the businesses involved to let it phail, more's the pity!

Royal Mail

So the Royal Mail are allowed to open your post after all, as long as they are doing it to steal money from children's birthday cards then it is allowed, as long as they are not a law enforcement agency... Who wants my vote? I'm giving in...

@ AC - re MD5 hash

Nothing to stop a man-in-the-middle (MITM) from rehashing the page and replacing the MD5. It'd have to be a cryptographically signed hash, but if you're gonna do that you may as well use HTTPS.

Of course, SSL doesn't prevent you from attacks at the client or the server, so all they'd probably do then is slip adware into their standard software build which intercepted the decrypted SSL data at the client.
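The exchange above (a per-page MD5 in an HTTP header, and the reply that anyone in the path can recompute it), as an added example that is not part of the original comments. The header name `X-Body-MAC`, the key and the sample page are constructed; HMAC-SHA256 with a pre-shared key stands in for the public-key signature the reply mentions, because the Python standard library has no signature primitive.

```python
import base64
import hashlib
import hmac

# Constructed sample data. SITE_KEY and the X-Body-MAC header are hypothetical.
SITE_KEY = b"constructed-demo-key-not-a-real-secret"
PAGE = b"<html><body><h1>Shop</h1></body></html>"
INJECTED = b"<script src='//ads.example.invalid/tag.js'></script>"


def md5_value(body: bytes) -> str:
    """Unkeyed digest: base64 of MD5(body), the encoding Content-MD5 used."""
    return base64.b64encode(hashlib.md5(body).digest()).decode("ascii")


def mac_value(key: bytes, body: bytes) -> str:
    """Keyed tag: only a holder of `key` can produce a matching value."""
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return base64.b64encode(tag).decode("ascii")


def origin_response(body: bytes, key: bytes) -> dict:
    """What the web server sends: body plus both integrity headers."""
    return {
        "headers": {
            "Content-MD5": md5_value(body),
            "X-Body-MAC": mac_value(key, body),
        },
        "body": body,
    }


def in_path_rewrite(response: dict, extra: bytes, strip_mac: bool = False) -> dict:
    """Model of an intermediary that alters the page on the wire.

    It can recompute the unkeyed MD5 because that needs no secret.
    It cannot recompute the MAC, so it either leaves it or strips it.
    """
    body = response["body"].replace(b"</body>", extra + b"</body>")
    headers = dict(response["headers"])
    headers["Content-MD5"] = md5_value(body)
    if strip_mac:
        headers.pop("X-Body-MAC", None)
    return {"headers": headers, "body": body}


def md5_check(response: dict) -> bool:
    """Client check proposed in the first comment: compare body to Content-MD5."""
    claimed = response["headers"].get("Content-MD5")
    if claimed is None:
        return False
    return hmac.compare_digest(claimed, md5_value(response["body"]))


def mac_check(response: dict, key: bytes) -> bool:
    """Client check with a keyed tag; a missing header is a failure, not a pass."""
    claimed = response["headers"].get("X-Body-MAC")
    if claimed is None:
        return False
    return hmac.compare_digest(claimed, mac_value(key, response["body"]))


def demo() -> dict:
    clean = origin_response(PAGE, SITE_KEY)
    rewritten = in_path_rewrite(clean, INJECTED)
    stripped = in_path_rewrite(clean, INJECTED, strip_mac=True)
    return {
        "clean_md5": md5_check(clean),
        "clean_mac": mac_check(clean, SITE_KEY),
        "rewritten_md5": md5_check(rewritten),   # passes: hash was recomputed
        "rewritten_mac": mac_check(rewritten, SITE_KEY),
        "stripped_mac": mac_check(stripped, SITE_KEY),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:14} {'accept' if ok else 'reject'}")
```

The keyed check only helps if the client already holds authentic key material and treats an absent header as a failure, which is the key-distribution problem HTTPS certificates already solve.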

@Teabag 2000

Perhaps you ought to point out to Celia Barlow, that a cookie with an ID number actually is personally identifiable just like number plates are... they may both be random but they are both unique identifiers.

Re:As I have maintained all along...

First off, I don't have a loyalty card. I'm well aware of what the likes of Tesco use them for and refuse to have anything to do with them.

But even supermarket loyalty cards aren't as evil as Phorm.

You have to apply for a Tesco card, you are given Ts&Cs to read if you want, so there *is* informed consent. Phorm doesn't give you that.

Tesco pay you to use their card. Sure its peanuts, but that's more than you get for being spied on by Phorm.

Tesco can only track what you *buy* from *Tesco* stores. Phorm can track you everywhere on the WWW and track everything you do short of when you switch to SSL to make the payment. Browse TVs on the Argos site, then go to the Currys site, then, maybe Amazon. Phorm will profile you across *all* of them. Can you imagine the outcry from Morrisons if Tesco found a way to track what customers were looking at on their shelves, yet that is exactly the service that Phorm will provide to its partner sites.

No, Phorm is several orders of magnitude more evil than supermarket loyalty cards.

Secure Proxy?

I might be missing something here, maybe it is so obvious that it has been overlooked or it is so unworkable that it has been discarded.

If Phorm doesn't profile HTTPS connections is there a secure proxy and would this then provide a clear gateway to the internet since you would use the secure proxy as your initial point of call and then all other traffic comes back to you via the proxy?

BT sucks anyway... so why stay

bits to keep in mind for the future...

AC:"The government needs to get its act together, and fast. This harms customer confidence, which harms the economy. This harms the confidence of those outside the country looking to do business with us. If there is no way to bring BT to account, then every company across the country can, from today, start intercepting voice and data communications at will."

let's not forget the http://www.theregister.co.uk/2008/03/12/mobile_phom/

hmmmmm.......

@ ~Forum~

We don't need a forum, the only people reading it are the people who have been directed there from El Reg. We are already, to quote Andrew Orlowski, an "echo chamber".

We need wider discourse; tell your friends, neighbours, guy down the pub. Most of us here, correct me if I'm wrong, look after the computers of family, friends & neighbours. Tell them! Explain the insidious nature of this poxy Phorm/BT plan to pimp their data. Explain that it really isn't "Enhancing their browsing experience" etc. et bloody c.

Forget The Sun, get the discussion into the pages of the Daily Wail, Torygraph or Grauniad, that might wake up enough harpies, blue rinse brigade and "Disgusted of Tunbridge Wells", to make a real noise :-)

re: Home Secretary Webchat

Spooks go private

"It is important to remember that private companies such as ISPs are allowed to do certain things under section 3 of [the Regulation of Investigatory Powers Act] that Law Enforcement Agencies cannot do without permission."

So, companies are allowed to do things that the Government can't do when it comes to monitoring network traffic. Hmmm - so, the Government allows BT to monitor customers' traffic without permission from either a judge or the consumer themselves... now, what if BT just so happens to spot someone is looking at anti-democracy websites and they, purely out of civic-mindedness, decide to inform the police?

Voila! The State secretly gets to find out who's reading/saying what on-line without having to conform to annoying 'principles' such as human rights or judicial process.

An Absolutely BIZARRE UK Government

When your trusted ISP illegally subcontracts out 36,000 user accounts in secret to a known spyware merchant and tries marketing these actions afterwards as an enhanced privacy policy called Webwise then this must be the most bizarre internet event of all time.

Even more bizarre is the government in discussion with these hackers to allow them permanent access to all our private internet transactions thereafter.

@TrishaD

> "Can't be bothered " [sundry grumbles snipped]

It's not that nu labour can't be bothered - Bliar's ceaseless endeavours for an invasion of Iraq show they can perfectly when they want to - but that, of governing parties, New Labour has never run an empire. Just as the little englanders of recent times have passed into the hyperreal as tory-voting caricatures, so they are replaced by the nu labouring little-englanders in the real. And just as the old ones were genuinely nostalgic for a lost real empire, so the new ones feign nostalgia for an empire in the hyperreal.

@Neil Greatorex

Jacqui Bloodyuseless Smith...

On Saturday the ISP Petition will be the 5th most signed current petition on the downing street Petitions website and somehow Jacqui managed to selectively avoid answering even one of many questions about phorm, I guess that is called moderation.

FOI request anyone?... a quick bit of research should reveal whether the questions answered reflected the questions asked.. or if moderation was used!

Warning messages for people I rather like that response

Not only could sites be changed for BT, Virgin Media, and Talk Talk, they could also be changed for the entire IP ranges that the civil service, military and government uses. That may very well drive the message home.

And hey why don't we share all their browsing habits amongst ourselves, whilst we are at it, could build quite an interesting profile.

I have quite a few domains I am willing to do this with, they have a fair amount of traffic, if people are interested I will post a guide on how to do it with apache.

BT loyalty card?

Tesco, for example, have an unequivocal opt-in policy: don't accept the card and your shopping habits won't be profiled. Those who choose to opt-in enter into an agreement with the store whereby they receive financial benefits in return for allowing their purchasing habits to be analysed. I don't have a loyalty card through choice, but none the less it seems like a fair and equitable arrangement for those who do sign up.

Contrast this with the activities of BT which has carried out a massive, and probably illegal, covert surveillance operation on its own customers. BT loyalty card, anyone?

However, let's give credit where it is due. Stand up Tony Bliar and Gordon Brown, the architects of unregulated businesses and financial institutions. (Or as the spin meisters call it 'light-touch regulation'.) Well, that fucking works, doesn't it, guys. Credit squeeze, housing market in freefall, collapse of major bank, political intervention to stop an investigation into BAE corruption and now a blank cheque for all their corporate partners to spy on UK citizens.

Enough with the snake-oil salesmen. Vote for any party other than NuLabour or the Tories.

Home Office (in-)action

I've been emailing them to try and find out who to make my complaint to... And since (from their own analysis of the RIPA, my willingness to share the e-mail with the world is enough to make it legal) I include it here (any typos are theirs, this is a direct c&p):

Thankyou for you email related to Targeted Online Adverts. As you point out the issue is split between data protection, which is the responsibility of the Information Commissioner's Office and interception as defined by the Regulation of Investigatory Powers Act 2000 (RIPA), which is the responsibility of the Home Office. You are therefore correct to say that the Home Office is responsible for RIPA legislation. RIPA is primarily about how state bodies; such as the police, local councils the security and intelligence agencies, conduct some of their investigatory functions. RIPA exists to provide a statutory basis and operating framework for the Police and other law enforcement bodies to interfere with an individual's right to privacy for instance during the course of an investigation. An independent body exists to deal with complaints about breaches of RIPA in relation to the police or other State investigatory bodies.

The Home Office published a view http://cryptome.org/ho-phorm.htm based upon its understanding of targeted online advertising, specifically related to Phorm. It is important to add this is not a legal opinion, which only a court can give. This is the written response that has been supplied to Phorm and that which is mentioned in the Information Commissioner's statement. As mentioned in the view, there is the possibility that a communications company can lawfully intercept communications. That is not to say whether or not that has happened in this case, it is for the communications company to ensure that they are compliant with the law.

----

My reply included stating that from their own analysis (that they referred me to in the second paragraph) the trials in 2006/2007 were illegal - and again repeating the question of who I can make a complaint to to get it investigated... Will update if/when I get a reply

@ shabble

"

"It is important to remember that private companies such as ISPs are allowed to do certain things under section 3 of [the Regulation of Investigatory Powers Act] that Law Enforcement Agencies cannot do without permission."

So, companies are allowed to do things that the Government can't do when it comes to monitoring network traffic. Hmmm

"

where are you getting your first quote from shabble, yours is the only reference on the page.....

if you're trying to say that's your Opinion, then you're wrong, NO companies are allowed to break the law, if it's in RIPA or any other legislation and it's not on the exclusion list then they can't do it, end of story......

the fact they have.., and Jacqui has done jack about it tells you lots... not least if it were anyone other than BT that wouldn't have been left so long unresolved.....

IP Numbers

The others are harder to get and look like there are huge blocks assigned to them, but they are gapped.

Another approach would be to allow the search engine bots the normal entry, and just deliver a Phorm awareness page to everyone else.

That way Phorm and the companies involved would not profit from the high search engine exposure. Whilst a more detailed IP mapping list was compiled. There are quite a few databases out there, and some coordinated whois on traffic would reveal the blocks over a short time if people pooled the results.

Getting the list of IP numbers allocated to the UK should not be too hard.

Someone may already have done a lot of the leg work and be willing to share.

The search for these numbers and ranges begins at http://www.iana.org

There is also GEOIP that could help in targeting the main datacenters that the three ISPs use.

http://www.irnis.net/soft/xipl/ is a windows tool that also helps with geographical location.

VM exit strategy?

I'm a Virgin Media cable customer, and I only have a cable connection into my house. If VM go with Phorm I would have to sign with BT as my ISP for 12 months just to get an ADSL connection, before I could finally switch to a non-scumbag ISP.

I appear to be royally screwed - the only way I will be able to escape Phorm will be to use mobile internet. I feel very let down by the government - their position is so bizarre I can only assume there is something underhand or corrupt going on. Ms Gisela Stuart (my MP) won't be getting my vote next time.

I hate this bloody government

I remember being rather happy that day in '97. If only I'd known then what I know now. Taxed to hell; economy heading down the toilet; massive national debt; privacy a thing of the past; freedom rapidly being eaten away; health service up the creek; illegal wars; students screwed by massive debts; total incompetence about anything IT; the list goes on. Add to this, the turning a blind eye to corporate law breaking such as the Middle East arms bribery scandal and now rampant privacy invasions by BT and proposed privacy invasions by all and sundry.

I thought that horrible old witch and her cronies were bad back in the 80's but they were nothing compared to this lot. What's worrying is that I can't make up my mind whether they are just incompetent or servants of evil whose purpose is to screw up society so much that it will be easier for Satan to harbour in the apocalypse.

PHORM Investors scrambling for cover

I presume that the government are deliberately stalling to allow all the no morals fat cats to get their money back before the axe drops.

These fat cats invested in a dodgy company and should have to take the loss, however the system in this country always uses taxpayers' money to save the scum, see Lloyds names, Northern Rock etc.

I think that the gov will get its stuff together eventually once all its mates are out and clear. I wonder if the Pat Hewitt/BT deal had anything to do with the gov's unwillingness to deal with this crime in a timely fashion; see http://www.theregister.co.uk/2008/03/13/hewitt_joins_bt/

Good investment there BT: buy yourself a politician, avoid prosecution. More and more like the US every day.

The sheeple are all too thick to understand what precedent even means let alone spot them.

The last remaining few of us who have brains and sense don't count. So we should just give up and accept getting spied on until we can escape this dump and go somewhere that's at least obviously a totalitarian hell hole, how does Zimbabwe or China sound?

From The Home Office Website...

This is a bit long winded, but I think it's rather salient.

Or go to http://security.homeoffice.gov.uk/ripa and follow the links on the left hand table.

"Interception

Use of interception

Interception is strictly regulated to ensure that its use is proportionate to the activity it is deployed against and in circumstances when required information can’t reasonably be obtained by other means.

Who can use interception?

Intelligence services, the police and other law enforcement agencies such as HM Revenue & Customs can use interception if they have a warrant signed by the Secretary of State."

"Communications data

Obtaining and disclosing data

A strict necessity test must be passed before any communications data can be obtained.

Who can obtain communications data?

A range of public authorities can lawfully obtain communications data, including:

law enforcement agencies - such as the police, the Serious Organised Crime Agency and HM Revenue & Customs

other public authorities – such as the Financial Services Authority and the Department for Transport

‘Authorisations’ to obtain communications data are granted by a ‘designated person’ within each of these organisations. Parliament has specified different levels of seniority required to be a ‘designated person’ for different public authorities. For example, the police ranking required is primarily ‘Superintendent’ and for ambulance services it’s ‘Director of Operations’.

All authorities with permission to obtain communications data do so in accordance with a code of practice, and all activity to obtain communications data is independently monitored by the Interception of Communications Commissioner who reports to Parliament annually.

Permission to obtain communications data

A designated person may only grant an authorisation to obtain communications data if they consider it necessary, proportionate and for a reason available to their public authority whether relating to:

the interests of national security

the interests of public safety

protecting economic well-being of the UK

protecting public health

preventing or detecting crime or preventing disorder

preventing or mitigating death or injury or any damage to a person’s physical or mental health in an emergency

assessing or collecting any tax, duty, levy or other charge payable to a government department

assist investigations into alleged miscarriages of justice

to identify a person who has died or unable to identify themselves because of a condition not attributable to a crime and to obtain details of the next of kin of such a person or to gather information about the causes of their death or condition

Obtaining the data

The designated person may give notice to a communications service provider (CSP) requiring them to disclose specific communications data or grant an authorisation to officials to acquire specific communications data.

Where notice is given, the CSP must comply with the notice within a reasonably practicable time and supply data where it is reasonably practicable to do so.

If a CSP fails to disclose the required communications data then the Secretary of State may take civil proceedings against them, which may result in the issue of, inter alia, an injunction which would have the effect of compelling the provision of data.

A notice must immediately be cancelled if the reasons for which it was granted are no longer valid."

Don't see ANYTHING about corporations, companies or private individuals being permitted to do ANY of the above.

@VM exit strategy

You're safe - I had just cable at my abode and told them to phuck off sometime ago, called up BT, got them to put in a phone line.. once it was in I went to o2 for my broadband after first getting an assurance that they aren't going down the same road. (I'd advise it's important for everyone to ask this to make sure they know how many people feel strongly enough to leave if the shiny penny is too tempting).

Granted I have a 12 month tie in with BT for the phone, but paying by DD and managing bills online keeps this to a minimum. The phone's not being used until such time as I can move the calls to someone less nefarious.

Other ISPs' Secret Trials?

Have any of the other ISPs signed up with Phorm, other than BT, come out and said they have never undertaken any secret trials?

I had really weird goings on with my machine on Virgin Media in May of 2007, same rough date as the BT trials were admitted to, and going off what Dr Clayton said at the meeting in London earlier in the week - a penny sort of dropped that issues he was describing could happen with the system were the sort of issues that were happening to me at the same time.

I of course post this with my tin hat on for flak obviously, but I can't seem to find any statements from Talk Talk or Virgin Media denying that they undertook any sort of trials that BT did.

Any links to comments made about this issue from the relevant ISPs to set me straight on this matter would be most welcome.

Why we love to hate lawyers

This situation is precisely why we in the US love the trial lawyers we hate. The downside is numerous silly and annoying lawsuits that defy common sense. However, the upside is that if the government decides not to do something, the civil law can be employed. While we aren't able to put the SOBs in jail, we can nick them for multi-millions which hurts them almost as much -- especially if it causes usually sleepy corporate boards to chuck the CEO out and cut off his country club membership. Except of course when the government decides to actively shield their buddies, as with the telco wiretapping lawsuits in progress -- but they haven't won that one yet. It is fortunately harder for government to do something (immunize their buddies) than do nothing (refuse to investigate).

@AC wrt lol

Those two (at least) are specious. Neither the security nor law enforcement services have any need for Phorm to help them with any kind of data surveillance.

I don't for one moment imagine that "the government" are in league with Phorm, it's just that they are a) busy, b) incompetent and c) pitching a huff because we're taking them to task over something that they don't understand. Oh, and they don't like us very much because of a widespread arrogance that delivers statements like:

"The sheeple are all too thick to understand what precedent even means let alone spot them."

You are what you buy.

I'm sick of hearing all this "If politicians were competent.... blah blah".

They ARE competent! Look at how quickly and efficiently the United Kingdom's infrastructure, economy, land, education, media, etc have been opened up to a massive corporate feeding frenzy. Incompetence just happens to be a very very good excuse. They have no reason to care about "us". It's not like we can choose how they spend our taxes.

OK back to corporations*, and specifically BT. If you don't like their product, go elsewhere. If you dislike America, don't buy their wine/cola/cars/films/news/etc. I don't. That's that sorted, right? Right. Buy ethical/sustainable products at twice the price, economically self-punish yourself, and more profit margin for the retailers!

And as for the Phorm guff, it's a private network, what right do people have to privacy of communication across it? Use encryption or put up and shut up. Seriously, if you don't like BT (and believe me I don't after just receiving a demand for about 80 quid for a line and number I cancelled in September!) move to a telephony provider that doesn't use LLU or resell BT ADSL, and therefore BT will not profit. Such as Virgin or.... errrr.... Virgin. If you're lucky, and if they're any good for you. Maybe.

OK those that can't/won't move to Virgin set up a No. 10 petition, cos that's the way to make things happen: ASK for it! Because the ability to ask for something makes a democracy. Just like the orphanage that Oliver Twist was privileged enough to attend.

Hmmmm... Maybe we are all rogered after all! Lucky I saw all this coming years ago and made plans, so I'm sorted no matter how bad things get! Now I've been a smug little shite and also suggested a way out of this quagmire for those caught up in it. Mission accomplished! Heh.

- S~I

* An extract from the film "The Corporation". Marc Barry, Author, Spooked: Espionage in Corporate America:

"In 1998 I was invited to Washington DC to attend this meeting that was being put together by the national security agency called the Critical Thinking Consortium. I remember standing there in this room and looking over on one side of the room and we had CIA, NSA, DIA, FBI, Customs, Secret Service, and on the other side of the room we had Coca Cola, Mobile Oil, GTE and Kodak. And I remember thinking, I am in the epicenter of the intelligence industry right now. I mean, the line is not just blurring, it’s just not there anymore. And to me it spoke volumes as to how industry and government were consulting with each other and working with each other."

Strategy: Call it what it is!

Wiretapping is wiretapping no matter what the purpose. It is the same as opening up the mail to see what you get/send. So:

PHORM is WIRETAPPING!

and by inference:

BT is WIRETAPPING!

Carry on!

Thankfully here in the USA they haven't tried this junk yet. If they do, I'm going to be the first to call up the media. There are several radio people who have "consumer" talk shows who will be interested!

The Police seem to have investigated RIPA based complaints before.

It's ridiculous the police are refusing to investigate this; they must have conducted investigations based on RIPA in the past. I seem to remember a case of some waste company that was illegally wire tapping the phones in a village near them to scupper some campaign against the company organised by the locals.

Re: Is anyone genuinely surprised........ By Eponymous Cowherd

Well Jacqui Smith is the Home Office! The same Jacqui Smith who proposed stopping paedos using Bebo by registering their email address with the police. Obviously that would not work, but think what Phorm could do for that idea.

Do you think that Phorm could actually stop someone visiting a particular website using their BT ISP connection?

It looks to me as if Jacqui was counting on Phorm to make her paedo blocking thing work. Obviously switching ISPs would carry a 5 year prison term. Also long term Phorm would become law. Like having a government official sitting at the back of the school classroom or a government official on the staff of every newspaper and radio station.

Sell! Sell! Sell!

Phorm's share price is a delight to behold. Whilst the FTSE 100 has pretty much moved sideways in the last few months, Phorm is now trading at about 1/3 of where it was in early March. Clearly investors don't have much faith in the brave new world of Webwise.

What if...

What's the score if you have a typical family setup, where parents and children share a computer. Maybe Ma and Pa like to look at adult oriented web sites after the ankle biters are in bed. Are the little darlings going to be bombarded with adult oriented advertising the next time they login to their favourite ad-sponsored kiddie websites?

I hope not.

Most of the 'family PCs' I see have a single login, because the grown-ups can't be bothered (or don't know how) to configure separate accounts for everyone in the family. OK, so they *should* keep things separate, but it doesn't happen. Phorm ain't gonna know who it's serving up 'targeted' ads to, even if it can identify the computer by cookie, IP, whatever.

Why the government will not act.

In the good old days there was the British Post Office running the phones. Every month, a certain number of randomly selected phone lines were monitored for quality and engineering research purposes by GCHQ. The random selection could, of course, be slightly less than random if there was a good reason.

All this was nice and cosy with the government owning the BPO and BPO employees signing the Official Secrets Act.

Let us suppose that this still goes on today even though BT is not government owned. This would mean that the government and BT are breaching RIPA every day. Would it be sensible for the government to start investigating BT for breaching RIPA? I think not.

The government will not act against BT or PHORM. The only hope is for users to implement countermeasures when the system comes into use. The main aim of the countermeasures would be to bring the validity of the collected data into doubt so that nobody would want to buy it or act upon it.

If PHORM uses cookies, then write scripts to modify the cookies every hour or so. Offer the scripts free of charge to anyone who wants to protect themselves.

Can't prove it now but...

During a period of unemployment in 2006 I remember trying out Ethereal for the first time on one of my PCs. I noticed some strange IP addresses in the log and I thought I had a Trojan. After many, many checks, and please bear in mind I am ultra cautious regarding spy-ware and I lock my PC down pretty well, I found nothing untoward after countless hours of checks to my PC. I didn't understand it and I shut down the PC until the next day so as to 'sleep' on it as it was very worrying. Something was happening that was very strange.

When I tried ethereal over the next few days the strange IP addresses seem to have gone and subsequent checks showed nothing.

When I saw the news reports about BT tests on the TV (two weeks ago?) starring Stephen Mainwaring, one of the IP address names in the report seemed somewhat familiar to the one I remember seeing.

I can't be absolutely certain as I no longer have the saved dump and I am acting on memory, but maybe Virgin Media are keeping one of the net's best kept secrets and are allowing BT to take all the flak.

Either that, or I did have a root-kit or I just couldn't find a Trojan and it decided to disappear of its own accord? Incidentally, I have removed the like off countless PCs of others who have sought my help and I have never reached a dead end of that sort before. I wish it had turned up again the next day so that I could have tried a few more things.

One thing for certain. The Phorm DNS name on the TV did look very familiar in my mind and I never ever had any problems on my PC afterwards despite regular countless checks, due to my paranoia, using every reputable spy-ware package under the sun and of course Ethereal.

Have Virgin Media ever offered a statement that denies that they have ever had similar tests performed to that of BT?

At last everyone is realising....

that it is all one big illusion and the poor old man on the street does NOT have any rights whatsoever. I have been thru the wringer myself already and can tell you from that experience that there is an unseen code of conduct between the Courts, the Authorities such as Police and a few others and if they want to stop something in its tracks then they can easily telephone their friends and do whatever they like!! You see what they rely on is the old "it cannot be true" and as 99% of people never need to use the "system" to obtain Justice they never come to know how corrupt it actually is. I could give many examples but I won't bore you with it, save to say that not long ago Met Police were meeting secretly with Judges to discuss various cases. THAT is a known fact, known to some lawyers.

Profiling

In the Data Protection Act, personal data is defined as meaning "data which relate to a living individual who can be identified (a) from those data, or (b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller".

The key point to note is (b). If there is a means by which supposedly anonymised data can, with other data likely to come into the possession of the data controller, be traced back to an individual, then that supposedly anonymised data is personal data and therefore subject to the provisions of the DPA, which requires the consent of the individuals to whom the personal data relates.

Since IP addresses and user account details are certain to be "in the possession of" BT, they can hardly claim that their actions do not contravene the DPA.

@"If phorm uses cookies" (19:46) (cookie confusion ongoing :()

I'll try to put this politely (again) because apparently it's not yet universally understood: the cookies are irrelevant, the monitoring and analysis goes on regardless of the cookies, all the cookies do is turn on/off the delivery of extra-customised ads.

Imagine a Royal Mail subcontractor opening and reading all your non-encrypted post, and storing details of the "anonymous" information they are reading. They use this "non personal information" (!) to deliver "better targeted" direct mail adverts (for which service they are taking money from the advertisers), while at the same time they are telling you, the Royal Mail user and customer, that the mail-opening "service" improves your privacy.

Oh, and the Royal Mail trialled the service without telling you, and mail interception was illegal then and now, but they've done nothing illegal.

And Royal Mail's CTO left to work as CTO at LetterOpeners'R'Us.

But if you want to "opt out", a Post-it(tm) on your letterbox (a cookie in your web browser) tells them not to deliver the custom ads, just the routine ones. Till it gets removed.

That's the way Phorm works, except it's BT not the Royal Mail, and it's web traffic not hardcopy mail.

Can sort of prove it

I have similar reservations to the poster above about Virgin Media running secret trials and not issuing any statement that it has not done similar trials.

But my period of discomfort would be from roughly May 2007. I could dig up my call records to Virgin Media at this time (they would also have the logs of my time on to technical support) and posts I made about issues are documented about the problems I was having on forums which have a timestamp and date to further back me up.

Would love to hear from anyone confirming if VM have said they have not conducted in any way any sort of secret trial.

Great

So, we are right back where we were in the 70s, 80s and early 90s. Plod subcontracts to a private company and no one gives a shit! Same as how they would subcontract tracing agents to find people who they REALLY wanted to "speak to" and "private investigators" to install monitoring devices (Oh all right then, bugs!) in target addresses. Now where did I leave all those cryptographic articles and user manuals------

An alternative explanation

First of all, remember the adage "never attribute to malice that which can be explained by incompetence."

Second, consider one of the great management vices of the late 20th century, continuing into the third millennium: a profound distaste for ever being seen to have made a mistake, large or small. Institutional paralysis results, as the only criticism that can then result is that of indecisiveness -- but never the feared "made a mistake."

This is a form of incompetence, as any intelligent person knows that anyone or any organization that actually does anything, that actually makes decisions, is going to make mistakes reasonably often.

I offer this up as an explanation (in part or in whole, I dunno!) of the incredible misbehavior of that cow of a home secretary and her boss the blithering idiot.

Just move

Just move ISP! Don't moan about it, demand your MAC code. It won't matter if you have signed up for a minimum term contract. Point out to BT that they [BT] won't say exactly WHO was part of the 2007 test, so it COULD be "me". Therefore BT are in breach of contract for allowing "my" data to be intercepted without "my" permission. BT may respond that "you" were not in the trial, at which point you ask them to prove conclusively that you were NOT part of the trial - for example showing the list of the people who were in the trial.

Of course, they won't do this, so they will probably just give you your MAC code.

Then you can head for an ISP like Fast.co.uk (no, I don't work for them, but they are my ISP) who are advertising:

"We can confirm that we are not one of the ISPs who have had any discussion with, or entered into a contract with Phorm, or any similar company, who use browsing history data to provide targeted advertising. We strongly respect the privacy of our customers, and will never share any customer data".

YOU are the customer. Vote with your wallet by heading elsewhere. Hit them where it hurts - in the bank balance.

As for the inept fools attempting to run the country on our behalf (in the words of the late, great Douglas Adams) - "They'll be the first against the wall, come the Revolution!"

Apache add-on?

Does anyone know if there is an Apache module/add-on I can use to recognise HTTP requests from BT? Because if BT put Phorm on-line in an attempt to make money by using *my* web pages to profile users, I want to be able to send a "BT and Phorm can get lost" page instead of my normal sites.

It has recently come to our attention that BT, a major ISP in the United Kingdom, has allegedly been engaging in illegal interception practices possibly for the past few years. These practices involve intercepting traffic between your hosted website and any viewer of that site who is a residential customer of BT, and passing this intercepted information to a company known as Phorm, a known purveyor of spyware and malware. According to some reports, the possibility exists that even SSL encrypted traffic, such as credit card payment pages, may be intercepted due to the way ISP servers operate.

Obviously, this presents a serious fraud risk both for you and your valued customers. Consequently, we have put in place a system to prevent any person using BT as their ISP from accessing your website. Such persons will instead be redirected to a warning page advising them of the fraud risk and suggesting they use a different ISP. We believe that the loss of some visitors to your site is more than offset by the mitigation of the fraud risk presented by this situation.

If you disagree with our action, please advise us as soon as possible, and we will remove the anti-BT blocking at your request. However, should you choose to remove the blocking, you must agree to assume any and all liability for loss and damage as a result of credit card fraud on your website, since we cannot guarantee the security of your data in the face of such interception. In this case we will provide you with an amended Hosting Agreement which you would need to sign and return to us in order for us to continue hosting your website.

If you agree with our action, however, you need do nothing further, and your current Hosting Agreement and all data security guarantees will continue in full force and effect.

Should BT discontinue this practice and provide evidence that they are no longer intercepting their customers' traffic we will of course restore full access to your website for their customers.

Please do not hesitate to contact us if you have any further inquiries concerning this matter.

That's 22 domains that are now off-limits to BT users. So far, all of our clients who have responded have fully supported our action; the possibility of fraud resulting from this illegal interception is something our clients have taken very seriously. I strongly urge other companies hosting eCommerce websites to carry out a similar action, because the legal quagmire that could result from this is a very serious issue, both for you and for your clients.

@ Steve Roper

@ Steve Roper

That's great, it would be good if more hosts took the same stance, and it's great that the site owners themselves have (so far) supported you.

The only problem would be if (when?) all 3 of the currently interested providers do implement this system.

Presumably these ecommerce sites you host are geared towards the UK market (just an assumption on my part here)? If so, how many ecommerce sites would be happy with their hosts blocking 70% of their potential market?

That's the only fly in the ointment I can see in it for now, but it is still a strong stance to take. If enough sites took this stance (especially a couple of big sites such as eBay) then customers would be leaving the said ISPs in their droves, and it would be the best way to hammer home the issue.

Have you contacted the BBC, Channel 4, The Guardian and, of course, our own El Reg about them doing a story on this?

For a lot of people, just seeing a news story that parts of the web will be closed to them due to these actions would be enough.

@Steve Roper

@ Steve Roper

Good move,

but as Christophano says, the biggest problem will be persuading ecommerce sites that they don't need 70% of the UK market.

How about an https portal for Phormed ISPs that shows an anti-Phorm banner to Phormed users. eCommerce sites could add a Phorm protection surcharge of a few pence to their prices to cover the cost of the SSL certificate.

In other words, alongside the cost of the product, VAT and delivery will be something like "Privacy surcharge 50p".....

Shouldn't put too many people off and might encourage them to go to an ISP that value their customer's privacy more than the chance to make a quick buck with a former spyware pusher.

@Steve Roper

You, sir, have balls of steel. This is how things get done - by people actually doing something and sucking up the possibility that they might personally lose out as a result of their decision, rather than whining that the government should be the one to do something. Congratulations.

Section 3 of the RIPA Act 2000

(3) Conduct consisting in the interception of a communication is authorised by this section if—

(a) it is conduct by or on behalf of a person who provides a postal service or a telecommunications service; and

(b) it takes place for purposes connected with the provision or operation of that service or with the enforcement, in relation to that service, of any enactment relating to the use of postal services or telecommunications services.

Anyway - I'm taking my ball and going to a different ISP. I have some free time tonight.

@Steve Roper

I'm totally against the Phorm interceptions and the privacy issues it raises. I'm also totally astonished at the sheer lack of suitable response from .gov.

Despite all this, I do wonder whether your response is entirely appropriate.

If you see your clients' computers being targeted with some vicious attack, okay, take action. But you didn't take action during the previous BT/Phorm trials (why would you, you didn't know they were going on) and the next trials haven't started. Don't you think you should have contacted the customers BEFORE making the change?

I'm involved with a number of sites that are aimed predominantly at a UK customer base. If I found one of your letters in my post, I'd blow a gasket. What you're saying is that customers who are on BT broadband can't get to the site. So if it were my site, with most customers arriving via web advertising, then I've just paid for the click that directed them to my site, but then they're being turned away.

So aside from the huge drop in traffic (and thus revenue) I'd still be paying for them arriving in the first place.

".. the legal quagmire that could result from this is a very serious issue... "

I'd suggest that effectively switching off a website without prior consent of your customer could also be a bad thing.

Don't misunderstand me, I think it's great that you are keeping an eye on the issues that could affect your clients, but that's a pretty big change to make and it does seem a bit knee jerk.

@ Steve Roper

Perhaps cutting off the customers is not the best solution, as you may only upset the webhosts. I support the insertion of a clickthrough warning, whereby the BT, VM, CW customers are alerted to the fact that they are being watched, but are then allowed to proceed. This is more likely to alert the customers and help spread the word without denying anything.

Are you able to supply IP ranges so that we may implement this also without having to trawl Nominet/other sources?

Does this include business contracts

I work for the police force in IT, we use BT broadband (supposedly encrypted and secure) for our remote access home users. They access police criminal records, murder enquiries, paedo data, etc. Is BT going to be intercepting this as well and passing it to Phorm? This has got me worried: how many other government agencies etc. are going to be profiled, or will they be exempt? I asked BT and surprise surprise I got stonewalled.

If the Home Office aren't concerned, they should be, considering confidential and secret information will be passed to a spyware company!

Phorm Webwise

We've been happily calling this scummy product Phorm. The trouble is that the "service" will be called "Webwise" when it is launched so in a sense all this awareness we're generating will be wasted when the average person doesn't realise they are the same thing. IMHO we need to make sure that the Webwise name is always associated with the negative truth about this technology. May I suggest we refer to it as "Phorm Webwise" from now on?

Phorm Webwise may well be convenient for the Government and Police. If they purchase information from a company that has already collected or gathered it by monitoring their traffic then it's not intercepting personal communications any more, as it's a company that is the target.

IP ranges

I'm very much up for putting a large warning notice on my sites' pages targeted at BT/CPW/VM customers. But like others I'm short of the IP ranges needed. Perhaps we should use the forum over at badphorm to coordinate getting a definitive list of the ranges needed.

I think this is probably the best (only??) way of getting the issue across to the majority of the ISP customers affected, but it'll take a lot of sites participating to make an impact.
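The notice-page idea raised in several comments above (pool whois results into a range list, let search engine bots through, show listed visitors a clickthrough warning), sketched in Python as an added example that is not from any commenter. The CIDR blocks are constructed documentation ranges, not real ISP allocations, and the function names and bot tokens are assumptions.

```python
import ipaddress

# Constructed sample data: RFC 5737 / RFC 3849 documentation blocks standing in
# for whatever ranges contributors pool. These are NOT real ISP allocations.
POOLED_REPORTS = {
    "contributor_a": ["192.0.2.0/25", "192.0.2.128/25", "198.51.100.0/24"],
    "contributor_b": ["198.51.100.64/26", "203.0.113.0/24", "not-a-range"],
    "contributor_c": ["2001:db8:10::/48"],
}

# Assumed crawler tokens. A User-Agent is trivially spoofable; here the only
# consequence of spoofing is that the visitor skips the notice page.
BOT_TOKENS = ("googlebot", "bingbot")


def merge_reports(reports):
    """Validate pooled CIDR strings and collapse overlapping/adjacent blocks.

    Returns (networks, rejected): networks is a sorted list of IPv4 then IPv6
    networks; rejected lists (contributor, text) pairs that failed to parse,
    so a typo in one submission cannot silently widen or break the list.
    """
    v4, v6, rejected = [], [], []
    for who, blocks in reports.items():
        for text in blocks:
            try:
                # strict=True rejects entries with host bits set (likely typos)
                net = ipaddress.ip_network(text.strip(), strict=True)
            except ValueError:
                rejected.append((who, text))
                continue
            (v4 if net.version == 4 else v6).append(net)
    # collapse_addresses needs a single IP version per call
    merged = list(ipaddress.collapse_addresses(v4))
    merged += list(ipaddress.collapse_addresses(v6))
    return merged, rejected


def decide(remote_addr, user_agent, networks, acknowledged=False):
    """Return "notice" or "normal" for one request.

    remote_addr must be the socket peer address, not a client-supplied header.
    acknowledged is True once the visitor has clicked through the notice
    (for example, tracked by a cookie the site sets itself).
    """
    ua = (user_agent or "").lower()
    if any(token in ua for token in BOT_TOKENS):
        return "normal"  # crawlers keep the normal entry
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:
        return "normal"  # unparseable address: fail open, serve the site
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    listed = any(addr.version == net.version and addr in net for net in networks)
    return "notice" if listed and not acknowledged else "normal"


if __name__ == "__main__":
    nets, bad = merge_reports(POOLED_REPORTS)
    print("merged:", [str(n) for n in nets])
    print("rejected:", bad)
    for ip, ua in [("198.51.100.70", "Mozilla/5.0"),
                   ("198.51.100.70", "Mozilla/5.0 (compatible; Googlebot/2.1)"),
                   ("::ffff:192.0.2.9", "Mozilla/5.0"),
                   ("10.1.2.3", "Mozilla/5.0")]:
        print(ip, "->", decide(ip, ua, nets))
```
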

BT - All your data belong to us!

Apparently the following is a response from BT about them stealing other peoples web content to feed phorm:

"For HTTP traffic, we assume that if a website wishes to be found by the public through being profiled by major search engines (Google), then the site is in the public domain and therefore as long as we have consent from the requester of the page, we are permitted to profile the site.

However we note that you have specifically requested that your own website(s) should be excluded. Please can you provide me with the url(s) of your website(s), together with confirmation that you are the website(s) owner, and we will honour your request to exclude your website(s) from profiling within the BT Webwise system.

We believe this approach is reasonable and is supported by the advice we have received. If I require any further information from you (aside from the url) then rest assured I will let you know prior to commencement of our trial."

So - you let Google index your site so we can take your data and profit from it.

But at least they will allow you to tell them that you want to be excluded (do you believe they will?).

Re: All your data belong to us!

"For HTTP traffic, we assume that if a website wishes to be found by the public through being profiled by major search engines (Google), then the site is in the public domain..."

I think they have an inadequate grasp of copyright law and you should reply to that effect immediately with a threat to sue if they don't respect your web site's published terms of use.

You have no need to supply them with a URL. Otherwise the RIAA etc. would have to supply each of us with a list of the CDs they didn't want us to copy and we'd be free to copy any they'd missed out (or where the notification hadn't arrived).

A for Adware

You Losers....

are just jealous because none of you are getting "paid" (tax free no doubt) the huge sums of money that the government ministers and top (at least high) level bureaucrats are. How else do you expect these selfless servants of humanity (UK at least) to retire into the splendor and ease that they doubtlessly believe they have earned?

I still don't understand why there appears to be so little noise from corporations about this. Surely (yes, I'm talkin' to you), corps must transmit lots of data that they'd rather not have inspected.

BT - All your data belong to us!

So, now BT are going to be employing 500 temps just to open all the letters we have to send to keep our sites out of their grubby little hands. Why should we need to supply proof of ownership of the domains - many have whois data as private and that should be respected. And what about new domains? I register and publish on the same day. Do I then have to block all profiling ISPs from new sites until I have confirmation that they have updated their database to not profile the site? Or does that mean BT customers will be blocked at ISP level from seeing the sites too?

I have 3 servers hosting websites - it would make so much more sense if BT offered a form on their Webwise site that site owners could add IP addresses to, to cover all domains hosted on those IP addresses.

I looked over the BT site to discover how to contact BT to ask this very question. All I could find were forms that needed my account details - the phone numbers of customer services are really well hidden. It is almost as though they redid the site to make contact more difficult.

I don't know why anyone thinks that just because well behaved bots like search engines are allowed into sites that that also means scraper bots are given access. I have so many IP addresses blocked that I begin to worry that my servers will be slowing down.

HostNameLookups on

If you wish to try the domain blocking technique in Apache

HostNameLookups on

has to be included in your httpd.conf

This will make the site a little slower but no great shakes for smaller sites, and I am willing to take one for the team to get the message out. And if you are using things like webalizer with hostname then it doesn't go through the reverse dns itself.

You can then

Deny from btcentralplus.com

in .htaccess or in httpd.conf or in your virtual host file normally under extras directory.

If your hosting site does not have HostNameLookups, you can do it in a scripting language and then apply the conditional in the code.

dig -x ip.nu.mb.er

is a command line tool to do reverse DNS.

Personally I am going for a block then a warning message, I do think that it is not wise to deliver pages that could be actively intercepted, in fact one of the business models I have for a site is severely weakened by the intercept.

I am just blatting out the methods, if people want more help, then just post.
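An added illustration, not part of the post above: the "do it in a scripting language" route, written in Python. It does the reverse lookup, confirms the name resolves back to the same address (the double lookup Apache applies to hostname-based Deny rules), and matches the suffix on whole labels only. The function names and all sample records are constructed for the example; only `btcentralplus.com` comes from the post.

```python
import ipaddress
import socket

# Suffix from the post above; add other ISP reverse-DNS domains as needed.
WATCHED_SUFFIXES = ("btcentralplus.com",)

def _system_reverse(ip):
    """PTR lookup via the system resolver; hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def _system_forward(hostname):
    """Forward lookup; set of address strings the name resolves to."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(hostname, None)}
    except OSError:
        return set()

def suffix_match(hostname, suffixes=WATCHED_SUFFIXES):
    """Whole-label match: 'x.btcentralplus.com' matches, but
    'notbtcentralplus.com' and 'btcentralplus.com.example' do not."""
    host = hostname.rstrip(".").lower()
    return any(host == s or host.endswith("." + s) for s in suffixes)

def visitor_on_watched_isp(ip, reverse=_system_reverse, forward=_system_forward):
    """True if ip has a forward-confirmed PTR name under a watched suffix.

    The PTR record is set by whoever controls the address block, so the name
    is trusted only if it resolves back to the same address. Any lookup
    failure returns False, so the page is served without the notice.
    """
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    hostname = reverse(str(addr))
    if not hostname or not suffix_match(hostname):
        return False
    for candidate in forward(hostname):
        try:
            if ipaddress.ip_address(candidate) == addr:
                return True
        except ValueError:
            continue  # e.g. scoped IPv6 literals the parser rejects
    return False

if __name__ == "__main__":
    # Constructed records (documentation address ranges), so this runs offline.
    ptr = {"192.0.2.10": "host10.range.btcentralplus.com",
           "192.0.2.30": "spoof.btcentralplus.com"}
    fwd = {"host10.range.btcentralplus.com": {"192.0.2.10"},
           "spoof.btcentralplus.com": {"198.51.100.7"}}
    for ip in ("192.0.2.10", "192.0.2.30", "192.0.2.99"):
        print(ip, visitor_on_watched_isp(ip, ptr.get, lambda h: fwd.get(h, set())))
```

Call `visitor_on_watched_isp()` with the request's remote address and show the warning or block page when it returns True; cache results per address, since each call costs two DNS lookups.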

A few more domains

Most of the following domains probably use BT as their provider - they tend to have a monopoly on these type of organisations.

Deny from 25

Deny from gov.uk

Deny from police.uk

Deny from nhs.uk

Each one of these is open to Phorm wire tapping as it stands, if BT won't release who they are doing this to, we don't have many other options but to block their big groups. If all the people in these organisations cannot access a lot of sites in the UK it will make a stink.

@Herby

For you USAians reading here, Phorm may not have tried it on your side of the pond yet, but they are planning to.

In the meantime, you should Google on NebuAd and FrontPorch. They are already doing it to you. (NebuAd have a UK office too.)

"NebuAd is dedicated to the highest standards of consumer privacy. NebuAd’s network was designed from the ground up to meet industry best-practices regarding consumer privacy and protection, and does not collect and use any personally identifiable information. NebuAd has also established industry-leading privacy controls and practices with respect to transparency, consumer notice and consent. NebuAd’s privacy policy provides consumers with clear “Opt Out” instructions."

Reply from my MP...

"Thank you very much indeed for your email of today's date concerning the use of the digital technology, Phorm, that is designed to deliver targeted advertising based on a user's browsing habits.

I fully appreciate your concern over this issue and I am grateful to you for drawing it to my attention. I believe that this form of advertising has the potential to infringe on individual privacy and property rights in data, and consequently needs to be investigated further before its use is permitted.

As I understand it, the Home Office has indicated that Phorm's proposed service is only legal if an individual user gives their explicit consent, and as this clearly did not happen when BT ran secret trials in 2006 I am taking this matter up directly with the relevant Home Office Minister. When I have received a response, I shall, of course, write to you again but I should warn you that it can take up to six weeks to receive a Ministerial Reply,"

Good and Evil

My grandfather was a policeman. He rose from village bobby to chief constable. He knew the difference between right and wrong. This is something that we no longer seem to understand, not only concerning Phorm, but across the board.

As for all the organisations prevaricating regarding the legality, let alone the acceptability, of Phorm type activities, you have further lost my respect.

Has anyone read Fahrenheit 451 by Ray Bradbury for a picture of where such technology can lead? But then again, it's probably inevitable but I wonder if there is a conspiracy to get one foot in the door for such technology.

Re: the responses to my action in blocking BT users

The action we took in blocking BT was taken only after careful consideration of the consequences, including the possibility that our clients might not agree with us blocking BT users from their websites. We also considered that, we and most of our clients being based in Australia and much of our business being here or from the USA more than the UK, that UK BT users weren't a large percentage of our market, although a reasonably significant one. We weighed up the potential market loss against the possibility of losses incurred as a result of privacy violations and legal repercussions, should BT or Phorm "accidentally" lose private customer data. After researching Phorm and its dubious background, and noting also the UK's rather poor track record in keeping confidential data secure generally, we decided to implement the blocking and advise our clients of the risk and our response.

Now, our Hosting Agreement provides a Data Security Guarantee, in which we agree to cover client losses due to privacy violations (where such violations are the result of negligence or inadequate security on our part), but only on the proviso that we may implement whatever preventative measures we deem necessary to reduce such violations - including blocking access to individuals, *organisations* and countries we deem to pose an unacceptably high risk.

So our clients are already made aware, when we develop and host their websites, that we may do things like this. For the AC who would "blow a gasket", we were actually anticipating such a response from at least some of our clients, which is why we gave them the option of removing the blocking, provided they waive the Data Security Guarantee. I ask you this: is it unreasonable, if your web host offers the exceptional service (and risk for us) of protecting you financially against data security violations, to expect that if you want to bypass the host's preventative measures, that the host should not then be liable for your losses as a result?

RE: the rise of the thin subscriber

although perhaps not with Desktopondemand, as their privacy policy reads:

Privacy Policy

We gather two types of information about users: non-personally identifiable and personally identifiable information.

Non-Personally Identifiable Information

We may collect and aggregate non-personally identifiable information indicating, among other things, which pages were visited, which hyperlinks were clicked and where you are using our services from. Collecting such information involves the logging of IP addresses, operating system and browser software used by each visitor to our websites and servers. Although this information is not personally identifiable, we can determine from the IP address a visitor's Internet Service Provider and the geographic location of his or her point of connectivity. This is industry standard practice.

The non-personally identifiable information that we collect (with or without the use of Cookies) helps us, among other things, to monitor our internal operations, improve our services, identify the most popular areas of our services and determine the effectiveness of our services and promotional activities. It also helps us make available higher quality and more useful online services by performing statistical analyses of the collective characteristics and behaviour of the users of our services, and by measuring demographics and interests regarding specific areas of these services.

This non-personally identifiable information may be shared with 3rd party suppliers or partners for the purpose of targeted advertising and sponsorship of one or more areas of our services BUT will not be usable by those suppliers or partners to contact you directly or send you unsolicited sales information.

Personally Identifiable Information

All personal information you submit is collected by using pages that are secured and encrypted by industry standard SSL technology.

We do not collect any information that personally identifies you unless you knowingly and willingly provide it. We explicitly ask for information that personally identifies you only where we require you register for and use one of our services.

Please note that personal information may need to be shared with our payment processing provider(s) for verifying and processing payments and for the purpose of preventing fraud. Information may also need to be shared with Legal authorities BUT will only be done so on presentation of a UK court order or to establish or exercise our legal rights or defend against legal claims.

We will not send email or contact you for any purpose other than directly related to our services or your usage thereof. Nor will we ever sell your contact or personal data to a third party.

That said, as we continue to develop our business, we might sell or buy companies or assets. In the event that Desktop On Demand or its parent company (Defuturo Ltd) is acquired or sells some or all of its assets and/or subsidiaries, customer information and data might be one of the transferred assets.

Your personal information can be updated at any time via an online user control panel or by emailing admin@desktopondemand.com

In the event that you should need to opt out of receiving any promotional communication or newsletters you can reply to any of those communications or newsletters, inserting the word 'unsubscribe' in the subject field. If there are any problems with this, please contact support for assistance.

Data Control

All personal data is handled in accordance with the Data Protection Act 1998. We are members of the Data Protection Register. Registration number Z961586X.

Children

The Desktop On Demand website and software are not intended for persons under the age of 18 and we do not knowingly collect personal information from children under 18.

Privacy Issues

If you should have any concerns or issues regarding the privacy of your personal information on Desktop On Demand please email privacy@desktopondemand.com

Changes to this policy

We reserve the right to make changes to this privacy policy and any changes will be announced by email and therefore we encourage users to ensure they have valid contact email addresses registered with us at all times.

@steve roper

I notice that you instigated this change on an opt-out basis.. would it not have been prudent, considering one of the main gripes here, to have made it opt in?

Don't get me wrong, I'm all for generating a bit of people power, because I'm rapidly approaching the point of desiring a revolution against our crappy, self serving government because it is so obviously broken and not fit for purpose!

I guess it's scenarios like this where the right to bear arms would be of great benefit ;)

(please note the dripping of sarcasm in that line)

I contacted Chris Pirillo about the whole sorry saga in an effort to boost awareness in the US tech circles (the guy does have quite a following, both noob and industry)... sadly the email never got a reply.

Correct me if I'm wrong

I seem to remember an item on The Register some months ago concerning unidentified activity on the Internet, which was possibly Java based, but which no-one could fathom out. There were many posts but it still just remained an unsolved puzzle.

Seems to me this was the unauthorised trial(s) of the Phorm/Webwise system.

The Foundation for Information Policy Research (FIPR) has today sent the Home Office in-depth legal analysis [pdf] of the Phorm behavioural advertising system.

The analysis has been produced by FIPR’s General Counsel (and ORG Advisory Council member) Nicholas Bohm, and complements the technical analysis produced by Richard Clayton earlier this month [pdf]. The analysis shows that Phorm’s systems involve interception of communications contrary to the Regulation of Investigatory Powers Act, fraud, contrary to the Fraud Act, and therefore unlawful processing of personal data, contrary to the Data Protection Act.

Same old, Same Old from BT

"We completely understand the potential concerns of some website owners, who have sensitive/private/password protected websites or areas on their website, and are taking the necessary steps to ensure that password protected sites are excluded from this service and no information will be scanned from these pages. We are also excluding a range of more sensitive categories for example medical, religious and gambling websites. Finally we are also taking steps to ensure that those websites that do not want search engines to 'crawl' them (by the use of robots.txt) will also be excluded from the Webwise service. I hope that clarifies the steps we are taking to address your potential concerns. If not please let me know."

I have asked them why they think that because a website is indexed by Google that gives them the right to use that data to earn them money and that business sites (for example one selling Antiques) may find that by BT scraping their site their visitors then visit a phorm/OIX site and get targeted ads for antiques. BT/phorm potentially earn money from an advert click and the original site loses a sale.

I have also asked them to state precisely what entry needs to go into robots.txt to STOP phorm scraping the site..

robots.txt file

>I have also asked them to state precisely what entry needs to go into robots.txt to STOP phorm scraping the site..

The answer is they will assume that if a website allows search engine crawlers to index their site, Phorm will assume permission to trawl for keywords for OIX. This is wrong, of course, but I'd be surprised if you don't get a cookie-cutter response.

This issue really has to be pressed with BT/Phorm. Of course, just like with the opt-out/opt-in situation, they want to retain value of Phorm/OIX spyware system; fewer users (opt-in) or fewer websites (robots.txt) means fewer profits. They will do everything to avoid making it easier for websites to stop OIX trawling, I bet.